wrygiel
commented
8 years ago I didn't mean for input XML parameter to be additionally signed (with xmldsig etc.), just the transport protocol (SSL).
You're right. I have used a wrong terminology - "request signing" is not the correct way of saying what I was aiming for here. I'll try to fix that in the next revision.
"The request is signed with a trusted client certificate"
Should the request itself be signed or that the transport is secured with a client certificate?
Unless we are storing messages in transport, the message itself does not have to be signed.